Antivirus suggestions for macOS?

cmucasper
New Contributor II

Hello!

I wanted to get some feedback on what kind of antivirus solutions are being used in the JAMF environment. We're currently using ESET Endpoint Antivirus but I'm not impressed with how it starts up at login.

Any feedback on what you're currently using in your environment and issues you've ran across.

Much appreciated!

18 REPLIES 18

PaulHazelden
Valued Contributor

We use ESET. Not overly happy with it, but it works. Be very careful using it with things like Filr, or Google Drive File Stream. As they scan for changed documents and sync them to the Mac, ESET sees the access and will scan the files. You can kiss good bye to processor performance then, and the Windows guys can stop blaming the Macs as it does the same to them too. It does much the same as a user logs in to the Mac, and can with some accounts with a lot of work take login times to 15 mins.
It does however work and find viruses and malware etc. You just have to be very careful to set it up right, so far it has taken us a couple of years to get to where we are.
I also, on our setup, dont get, the install an app that isnt the AV app. So that the Server can then install another App that is the one you want. Why not install one thing?

cmucasper
New Contributor II

@PaulHazelden

We've had our issues with ESET. Right now it's fairly stable. I've had to add some exceptions for specific file extensions like Adobe InDesign. The only gripe I have so far is that when ESET starts up when a user logs in, it overlays the ESET application settings right in the center of the desktop transparently. Some end users get confused on why they can't click any folders/files on the desktop. It takes awhile for ESET to recognize it needs to be minimized.

MadMacs
New Contributor II

We use SentinelOne for both our Mac and Windows endpoints we manage. We are migrating from Bitdefender GZ and it appears to work well.

cmucasper
New Contributor II

@MadMacs

Thanks for the info. I'll check them out!

jimkirk
New Contributor II

We use Microsoft Defender Advanced Threat Protection (ATP) for Mac. It might be free for you if you're with an .edu that has a Microsoft 365 for Education A5 license.

PE2000
Contributor

take a look at Jamf protect.

patgmac
Contributor III

We use CrowdStrike, which seems to be well behaved and has good company presence in MacAdmins slack.

guidotti
Contributor II

Recommend not using Symantec/Broadcom.

donmontalvo
Esteemed Contributor III

^^^What he said.

Symantec/Broadcom is one of those companies that might support a macOS update or upgrade months after its release, and not without issues.

Look for companies that are zero day ready. Symantec/Broadcom (and for that matter McAfee) are not and will never be ready.

Keep an eye on Jamf Protect. ;)

--
https://donmontalvo.com

morsepacific
New Contributor III

We're using SentinelOne and it works well.

gachowski
Valued Contributor II

So we did a bake-off at the start of the year of some of the top players, and I had real access to their web portals and support forums. My conclusion is that right approach is best breed for each OS platform. A few big vendors their Mac client was clearing doing no more than the built in Apple security. A few vendors said they did more but key features didn't work like remediation making them worse than the Gatekeeper.

While I am not security expert I did get to "play one" for a few weeks, it was very clear to me that Jamf Protect was seeing real security threats that the other are missing. It's also clear that the Jamf Protect team are the 'thought leaders" in the macOS security space.

C

Jason33
Contributor III

We're using CrowdStrike. Simple install, and so far has been playing nice in our environment. We dropped Eset earlier this year when we started upgrading our fleet to Catalina.

flaglerdhart
New Contributor

I'm not in the market for an A/V solution but I haven't been happy with ESET and I'm concerned about Big Sur coming up because kexts are going away and I have a really hard time getting the clients to install on new operating systems. I'd like to know if anyone compared Jamf Protect against ESET, I'd like something to take to my boss.

PE2000
Contributor

We are about to do a trial on jamf protect.

bwoods
Valued Contributor

WHATEVER YOU DO, STAY AWAY FROM BROADCOM/SYMANTEC.

alessio_tedesco
New Contributor III

@bwoods Same quote for Kaspersky Endpoint Security, it's horrible.
We will start a demo of Jamf Protect next week.

cdouglas
New Contributor II

@gachowski , Would you mind sharing what the big players you worked with were? In the end, you are recommending Jamf Protect but what were the others that you were not impressed with? Would love the info!

bwoods
Valued Contributor

@gachowski I recommend Palo Alto Cortex XDR. It was simple to setup and the services don't kill the CPU. Tested on Intel and M1. Palo Alto's VPN, Global Protect, is also a very good product. It allows the user to be connected to VPN at all times.